Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDE59FED96-60DA-11EE-9102-000C29DE725B
HistorySep 01, 2023 - 12:00 a.m.

mediawiki -- multiple vulnerabilities

2023-09-0100:00:00
vuxml.freebsd.org
18
mediawiki
multiple vulnerabilities
incorrect permission
infinite loop
potential xss
title assumption
file upload
stored xss
unix

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

51.1%

JSON

Mediawikwi reports:

(T264765, CVE-2023-PENDING) SECURITY: Users without correct permission
are incorrectly shown MediaWiki:Missing-revision-permission.
(T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for
self-redirects with variants conversion.
(T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped
messages leading to potential XSS.
(T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page
message is assumed to yield a valid title.
(T340221, CVE-2023-PENDING) SECURITY: XSS via
‘youhavenewmessagesmanyusers’ and ‘youhavenewmessages’ messages.
(T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser (“X
intermediate revisions by the same user not shown”) ignores username
suppression.
(T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML
file to Special:Upload (non-standard configuration).

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmediawiki135< 1.35.13UNKNOWN
FreeBSDanynoarchmediawiki139< 1.39.5UNKNOWN
FreeBSDanynoarchmediawiki140< 1.40.1UNKNOWN

Related

redhatcve 1
cvelist 1
debiancve 1
prion 1
cnvd 1
nessus 4
osv 4
veracode 1
cve 1
ubuntucve 1
vulnrichment 1
nvd 1
debian 2
openvas 9
mageia 1
fedora 4
redhatcve
redhatcve
CVE-2023-3550
2023-09-26 17:25:20
cvelist
cvelist
CVE-2023-3550 Stored XSS leads to privilege escalation in MediaWiki v1.40.0
2023-09-25 15:20:27
debiancve
debiancve
CVE-2023-3550
2023-09-25 16:15:14
prion
prion
Design/Logic Flaw
2023-09-25 16:15:00
cnvd
cnvd
Mediawiki input validation error vulnerability (CNVD-2023-79688)
2023-09-27 00:00:00
nessus
nessus
FreeBSD : mediawiki -- multiple vulnerabilities (e59fed96-60da-11ee-9102-000c29de725b)
2023-10-02 00:00:00
Debian DLA-3671-1 : mediawiki - LTS security update
2023-11-28 00:00:00
Debian DSA-5520-1 : mediawiki - security update
2023-10-10 00:00:00
osv
osv
BIT-mediawiki-2023-3550
2024-03-06 11:01:36
CVE-2023-3550
2023-09-25 16:15:14
mediawiki - security update
2023-11-28 00:00:00
veracode
veracode
XML External Entity (XXE) Injection
2023-10-10 18:52:54
cve
cve
CVE-2023-3550
2023-09-25 16:15:14
ubuntucve
ubuntucve
CVE-2023-3550
2023-09-25 00:00:00
vulnrichment
vulnrichment
CVE-2023-3550 Stored XSS leads to privilege escalation in MediaWiki v1.40.0
2023-09-25 15:20:27
nvd
nvd
CVE-2023-3550
2023-09-25 16:15:14
debian
debian
[SECURITY] [DLA 3671-1] mediawiki security update
2023-11-28 11:46:19
[SECURITY] [DSA 5520-1] mediawiki security update
2023-10-10 19:25:45
openvas
openvas
Debian: Security Advisory (DLA-3671-1)
2023-11-29 00:00:00
MediaWiki < 1.35.12, 1.36.x < 1.39.5, 1.40.x < 1.40.1 Multiple Vulnerabilities - Linux
2023-10-18 00:00:00
MediaWiki < 1.35.12, 1.36.x < 1.39.5, 1.40.x < 1.40.1 Multiple Vulnerabilities - Windows
2023-10-18 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2024-05-01 01:25:14
fedora
fedora
[SECURITY] Fedora 40 Update: php-wikimedia-utfnormal-4.0.0-1.fc40
2024-05-11 01:32:03
[SECURITY] Fedora 40 Update: php-oojs-oojs-ui-0.48.1-1.fc40
2024-05-11 01:32:03
[SECURITY] Fedora 40 Update: mediawiki-1.41.1-1.fc40
2024-05-11 01:32:02

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

51.1%

JSON
Related for E59FED96-60DA-11EE-9102-000C29DE725B
redhatcve1cvelist1debiancve1prion1cnvd1nessus4osv4veracode1cve1ubuntucve1vulnrichment1nvd1debian2openvas9mageia1fedora4